Legal claims defining the scope of protection, as filed with the USPTO.
1. A method for implementing an object based vulnerability model comprising the steps of: identifying each component in an information system and annotating such component in a database; decomposing each component into major functional objects and annotating each object in a database; identifying actions an attacker could take to modify a behavior of the functional objects in the information system and annotating such actions in a database; capturing a trust score and a trustworthiness score for each object and annotating the trust score and the trustworthiness score in the database; assessing each action on the structure, state, and inputs of each functional object to determine if an interaction exists and annotating the interaction existence in the database; applying preventive countermeasures to those interactions posing a risk; and applying reactive countermeasures to those interactions posing a risk not protected by preventative countermeasures.
2. The method as recited in claim 1 wherein the step of identifying every component in the information system and annotating such component in a database comprises: identifying active hardware devices listed in a bill of materials; identifying firmware; and identifying system software.
3. The method as recited in claim 1 wherein the step of decomposing each component into major functional objects and annotating each object in a database comprises: decomposing components into major functional objects; decomposing hardware components into objects consistent with hardware component design information provided by the vendor; decomposing firmware into functional blocks similar to hardware composition; decomposing software to functional objects; and listing each functional object in a matrix in its own row under a parent component.
4. The method as recited in claim 1 wherein the step of identifying actions associated with each object in an information system and annotating such action in a database comprises: populating an object based vulnerability matrix with actions as provided in a system architecture; and comparing identified actions against system design to determine if a target system supports additional operations.
5. The method as recited in claim 1 wherein the step of assessing each interaction to determine if an interaction exists with that object and annotating the interaction existence in the database comprises: characterizing each object action intersection as either no interaction, essential or nonessential; and determining if an object or an action needs to be split to allow its categorization.
6. The method as recited in claim 1 wherein the step of applying preventive countermeasures to those interactions posing a risk comprises: identifying a preventive countermeasure that prevents the action from manipulating the object; recording the applicable preventive countermeasure as identified into a matrix; mapping the preventive countermeasures to a parent object in the matrix; decomposing deployed preventive countermeasures into constituent elements; continuing to add preventive countermeasures until every nonessential interaction has been reviewed.
7. The method as recited in claim 1 wherein the step of applying reactive countermeasures to those interactions posing a risk not protected by preventive countermeasures comprises: analyzing possible effects of each unmitigated interaction; and adding a sensor to each interaction where the interaction is detectable.
8. A non-transitory machine-readable medium including instructions for implementing an object based vulnerability model comprising the steps of: identifying each component in the information system and annotating such component in a database; decomposing each component into major functional objects and annotating each object in a database; identifying actions an attacker could take to modify the behavior of the functional objects comprising an information system and annotating such action in a database; capturing a trust score and a trustworthiness score for each object and annotating the trust score and the trustworthiness score in the database; assessing each action on structure, state, and inputs of each functional object to determine if an interaction exists and annotating the interaction existence in the database; applying preventive countermeasures to those interactions posing a risk; and applying reactive countermeasures to those interactions posing a risk not protected by preventive countermeasures.
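The claims above describe a matrix of functional objects against attacker actions, with each intersection classified as no interaction, essential or nonessential, preventive countermeasures mapped onto risky intersections, and sensors added where an unmitigated interaction is detectable. The following Python model is an added illustration written for this page; it is not code from the patent or its applicant, and the component names, objects, actions, scores and countermeasures are constructed sample data. The "over-trusted" check (trust exceeding trustworthiness) is an assumption about how the two scores might be compared; the claims only require that both be captured.

```python
from dataclasses import dataclass, field
from enum import Enum
from typing import Dict, List, Set, Tuple

Key = Tuple[str, str]  # (functional object name, attacker action)


class Interaction(Enum):
    NONE = "no interaction"        # the action cannot affect this object
    ESSENTIAL = "essential"        # the object needs this action to function
    NONESSENTIAL = "nonessential"  # possible but not needed: this is the risk


@dataclass
class FunctionalObject:
    component: str          # parent component from the bill of materials
    name: str
    trust: float            # trust the system places in the object (0..1)
    trustworthiness: float  # confidence the object deserves that trust (0..1)


@dataclass
class VulnerabilityMatrix:
    objects: Dict[str, FunctionalObject] = field(default_factory=dict)
    actions: Set[str] = field(default_factory=set)
    interactions: Dict[Key, Interaction] = field(default_factory=dict)
    preventive: Dict[Key, List[str]] = field(default_factory=dict)
    detectable: Set[Key] = field(default_factory=set)
    sensors: Dict[Key, str] = field(default_factory=dict)

    def add_object(self, obj: FunctionalObject) -> None:
        self.objects[obj.name] = obj

    def classify(self, obj: str, action: str, kind: Interaction) -> None:
        assert obj in self.objects and action in self.actions
        self.interactions[(obj, action)] = kind

    def unreviewed(self) -> List[Key]:
        # Review is complete only when every object/action intersection is classified.
        return sorted((o, a) for o in self.objects for a in self.actions
                      if (o, a) not in self.interactions)

    def risky(self) -> List[Key]:
        return sorted(k for k, v in self.interactions.items()
                      if v is Interaction.NONESSENTIAL)

    def add_preventive(self, obj: str, action: str, measure: str) -> None:
        self.preventive.setdefault((obj, action), []).append(measure)

    def unmitigated(self) -> List[Key]:
        return [k for k in self.risky() if not self.preventive.get(k)]

    def plan_reactive(self) -> Dict[Key, str]:
        # Reactive countermeasure: a sensor on each unmitigated, detectable interaction.
        for k in self.unmitigated():
            if k in self.detectable and k not in self.sensors:
                self.sensors[k] = f"sensor:{k[0]}/{k[1]}"
        return dict(self.sensors)

    def residual(self) -> List[Key]:
        # Neither prevented nor detected: what remains for risk acceptance or redesign.
        return [k for k in self.unmitigated() if k not in self.sensors]

    def overtrusted(self) -> List[str]:
        # Assumption, not part of the claims: flag objects trusted beyond their evidence.
        return sorted(n for n, o in self.objects.items() if o.trust > o.trustworthiness)


def build_example() -> VulnerabilityMatrix:
    """Constructed sample system: two components, three objects, three actions."""
    m = VulnerabilityMatrix()
    m.add_object(FunctionalObject("baseboard controller", "firmware loader", 0.9, 0.5))
    m.add_object(FunctionalObject("baseboard controller", "web console", 0.6, 0.6))
    m.add_object(FunctionalObject("host", "kernel", 0.9, 0.9))
    m.actions.update({"modify code image", "modify configuration", "supply malformed input"})
    E, N, X = Interaction.ESSENTIAL, Interaction.NONESSENTIAL, Interaction.NONE
    for obj, action, kind in [
        ("firmware loader", "modify code image", E),      # updates are a designed function
        ("firmware loader", "modify configuration", N),
        ("firmware loader", "supply malformed input", N),
        ("web console", "modify code image", X),
        ("web console", "modify configuration", E),
        ("web console", "supply malformed input", N),
        ("kernel", "modify code image", N),
        ("kernel", "modify configuration", E),
        ("kernel", "supply malformed input", N),
    ]:
        m.classify(obj, action, kind)
    m.add_preventive("firmware loader", "modify configuration", "vendor-signed configuration")
    m.add_preventive("kernel", "modify code image", "measured boot with attestation")
    m.add_preventive("web console", "supply malformed input", "schema validation of requests")
    m.detectable.add(("kernel", "supply malformed input"))  # kernel logging can see it
    m.plan_reactive()
    return m


if __name__ == "__main__":
    mx = build_example()
    print("unreviewed:", mx.unreviewed())
    print("unmitigated:", mx.unmitigated())
    print("sensors:", mx.sensors)
    print("residual:", mx.residual())
    print("over-trusted:", mx.overtrusted())
```

Running the sample reports no unreviewed intersections, one interaction covered only by a sensor, and one residual interaction (the firmware loader receiving malformed input) that is neither prevented nor detected, which is exactly the set claim 7's "analyzing possible effects of each unmitigated interaction" step would be applied to.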
February 1, 2022